ESTIMATING AND VISUALIZING SECURITY RISK IN INFORMATION TECHNOLOGY SYSTEMS

US 20100125912A1
Filed: 11/19/2008
Published: 05/20/2010
Est. Priority Date: 11/19/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-readable medium containing instructions which, when executed by one or more processors disposed in an electronic device, perform a method for estimating risk for an IT asset in an enterprise network, the method comprising the steps of:

receiving an assessment about a security state of the IT asset, the assessment being configured for communicating data indicating a type of problem with the IT asset, a severity of the problem, and a level of confidence that the problem with the IT asset exists; and

applying a value of the IT asset and the data from the assessment to estimate a discrete risk category that is applicable to the IT asset.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Security risk for a single IT asset and/or a set of IT assets in a network such as an enterprise or corporate network may be estimated and represented in a visual form by categorizing risk into different discrete levels. The IT assets may include both computing devices and users. The risk categorization uses a security assessment of an IT asset that is generated to indicate the type of security problem encountered, the severity of the problem, and the fidelity of the assessment. The asset value of an IT asset to the enterprise is also assigned. Security risk is then categorized (and a numeric risk value provided) for each IT asset for different problem types by considering the IT asset value along with the severity and fidelity of the security assessment. The security risk for the enterprise is estimated using the numeric risk value and then displayed in visual form.

Citations

20 Claims

1. A computer-readable medium containing instructions which, when executed by one or more processors disposed in an electronic device, perform a method for estimating risk for an IT asset in an enterprise network, the method comprising the steps of:
- receiving an assessment about a security state of the IT asset, the assessment being configured for communicating data indicating a type of problem with the IT asset, a severity of the problem, and a level of confidence that the problem with the IT asset exists; and
  
  applying a value of the IT asset and the data from the assessment to estimate a discrete risk category that is applicable to the IT asset.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-readable medium of claim 1 in which the method includes a further step of estimating a security risk for the IT asset using a continuous risk expression.
  - 3. The computer-readable medium of claim 2 in which the method includes a further step of providing a visualization of the continuous risk expression through a GUI.
  - 4. The computer-readable medium of claim 3 in which the GUI is configured to display the visualization using a color-coded indicator to show different levels of discrete risk.
  - 5. The computer-readable medium of claim 4 in which the value of the IT asset is utilized to represent a known financial loss.
  - 6. The computer-readable medium of claim 1 in which the severity is further utilized to represent a scope of the loss.
  - 7. The computer-readable medium of claim 1 in which the level of confidence is further utilized to represent a probability of the loss.
  - 8. The computer-readable medium of claim 1 in which the IT asset is a computing device or a user of the computing device, the computing device being one of desktop PC, laptop PC, workstation, server, business system, or mobile computing device.

9. A computer-readable medium containing instructions which, when executed by one or more processors disposed in an electronic device, perform a method for using an assessment that describes a state of security for an IT asset, the method comprising the steps of:
- monitoring the state of security for the IT asset;
  
  generating the assessment when a security problem is detected that affects the IT asset, the assessment being configured for communicating data indicating a type of problem with the IT asset, a severity of the problem, and a probability of known loss with the IT asset; and
  
  sending the assessment to an application, process, or service for processing, the processing being configured for providing an estimate of security risk that is associated with the monitored IT asset.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The computer-readable medium of claim 9 in which the method is performed using one of security product deployed in an enterprise network, a client-side security product, an enterprise server, or an external service.
  - 11. The computer-readable medium of claim 9 in which the type of problem comprises one of compromised IT asset or vulnerable IT asset.
  - 12. The computer-readable medium of claim 9 in which the processing includes a consideration of IT asset value when providing the estimate of security risk.
  - 13. The computer-readable medium of claim 9 in which the estimate of security risk is displayed using one of a plurality of discrete risk categories or continuously-expressed security risk.
  - 14. The computer-readable medium of claim 9 in which the security risk comprises a probability of a known loss in an IT asset.

15. A method for providing a visualization of security risk for a set of IT assets in an enterprise, the method comprising the steps of:
- estimating a discrete security risk for the set of IT assets, the estimating comprising assigning a risk category based on a combination of IT asset values, severity of security problems affecting the IT assets, and fidelity of assessments describing a security state for each of the IT assets in the set;
  
  calculating a continuously-expressed security risk from numeric risk values, the numeric risk values being based on a combination of IT asset values, severity of security problems affecting the IT assets, and fidelity of assessments describing a security state for each of the IT assets in the set; and
  
  dynamically displaying the discrete security risk and the continuously-expressed security risk through a GUI.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15 in which the IT assets comprise at least one of IT assets disposed within a perimeter of an enterprise network or IT assets that are located outside the perimeter.
  - 17. The method of claim 15 including a further step of looking up the discrete risk category from a look up table.
  - 18. The method of claim 15 including a further step of looking up the numeric risk values from a look up table.
  - 19. The method of claim 15 in which the continuously-expressed security risk is displayed using a color-coded meter.
  - 20. The method of claim 15 including a further step of displaying one or more explanations to accompany the visualization of security risk for the set of IT assets in the enterprise.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Greenshpon, Adar, Karidi, Ron, Helman, Yair, Rubin, Shai Aharon

Granted Patent

US 8,402,546 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

H04L 63/1433 Vulnerability analysis

ESTIMATING AND VISUALIZING SECURITY RISK IN INFORMATION TECHNOLOGY SYSTEMS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ESTIMATING AND VISUALIZING SECURITY RISK IN INFORMATION TECHNOLOGY SYSTEMS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links